Escrow accounts are not bound to caller, resulting in denial of service
Description
The escrow account is an important component of the token wrapping process: it holds the on-chain assets that back the wrapped tokens. The only constraint the program enforces on the escrow account is that its authority is the wrapped token authority. It does not bind the escrow account to the caller that originally wrapped the tokens into it.
Because of this, any holder of wrapped tokens can unwrap them to the source token against an escrow account that a different entity funded. Once that escrow is drained, the original caller must find another escrow with sufficient funds to perform the transfer, possibly splitting a single unwrap into several smaller transactions to satisfy the demand, and otherwise cannot unwrap at all.
Impact
Callers may have to use escrow accounts other than the one they created and intended for the wrapped mint in order to satisfy later unwrap calls. Programs that expect the same escrow account to serve both wrapping and unwrapping may experience denial of service on withdrawals.
Recommendations
Create a single escrow account per wrapped mint, as an ATA associated with the wrapped mint, so that every wrap and unwrap for that mint addresses the same account.
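The following is an added toy model of the flaw described above and of the single-escrow recommendation; it is not code from the spl-token-wrap program or from the audit. It replaces on-chain accounts with an in-memory ledger, uses strings in place of pubkeys, and stands in for the ATA derivation with a hypothetical `canonical_escrow` function. Account names such as `escrow-alice`, `escrow-bob` and `wrapped-mint-authority` are constructed for the example.

```rust
// Added toy model of the flaw and of the single-escrow fix. Not the spl-token-wrap
// program: an in-memory ledger in which strings stand in for pubkeys, and
// `canonical_escrow` (an assumption) stands in for deriving the escrow as an ATA.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum WrapError { NoSuchEscrow, EscrowNotOwnedByMintAuthority, InsufficientEscrowFunds, InsufficientWrappedBalance }

/// A wrapped mint and the authority (a PDA in the real program) that owns its escrows.
pub struct WrappedMint { pub address: String, pub authority: String }
#[derive(Default)]
pub struct Ledger {
    /// escrow address -> (owner, balance of the unwrapped token held in escrow)
    pub escrows: HashMap<String, (String, u64)>,
    /// user -> balance of the wrapped token
    pub wrapped: HashMap<String, u64>,
}
impl Ledger {
    pub fn create_escrow(&mut self, address: &str, owner: &str) {
        self.escrows.insert(address.to_string(), (owner.to_string(), 0));
    }

    /// Vulnerable wrap: the caller supplies the escrow and the only check is that
    /// the wrapped-mint authority owns it. Nothing records who funded it.
    pub fn wrap(&mut self, mint: &WrappedMint, escrow: &str, user: &str, amount: u64) -> Result<(), WrapError> {
        let (owner, bal) = self.escrows.get_mut(escrow).ok_or(WrapError::NoSuchEscrow)?;
        if *owner != mint.authority { return Err(WrapError::EscrowNotOwnedByMintAuthority); }
        *bal += amount;
        *self.wrapped.entry(user.to_string()).or_insert(0) += amount;
        Ok(())
    }

    /// Vulnerable unwrap: the same single check, so any holder of wrapped tokens
    /// can burn them against an escrow somebody else filled.
    pub fn unwrap(&mut self, mint: &WrappedMint, escrow: &str, user: &str, amount: u64) -> Result<(), WrapError> {
        let held = self.wrapped.get(user).copied().unwrap_or(0);
        if held < amount { return Err(WrapError::InsufficientWrappedBalance); }
        let (owner, bal) = self.escrows.get_mut(escrow).ok_or(WrapError::NoSuchEscrow)?;
        if *owner != mint.authority { return Err(WrapError::EscrowNotOwnedByMintAuthority); }
        if *bal < amount { return Err(WrapError::InsufficientEscrowFunds); }
        *bal -= amount;
        self.wrapped.insert(user.to_string(), held - amount);
        Ok(())
    }

    /// Fixed wrap: the escrow is derived from the wrapped mint, never chosen by the
    /// caller, and created on first use (the ATA create-if-missing step).
    pub fn wrap_fixed(&mut self, mint: &WrappedMint, user: &str, amount: u64) -> Result<(), WrapError> {
        let escrow = canonical_escrow(mint);
        self.escrows.entry(escrow.clone()).or_insert((mint.authority.clone(), 0));
        self.wrap(mint, &escrow, user, amount)
    }

    /// Fixed unwrap: always the same derived escrow, so there is no other escrow a
    /// caller could be forced to hunt for.
    pub fn unwrap_fixed(&mut self, mint: &WrappedMint, user: &str, amount: u64) -> Result<(), WrapError> {
        self.unwrap(mint, &canonical_escrow(mint), user, amount)
    }
}
/// Stand-in for the ATA derivation (assumption): one deterministic address per wrapped mint.
pub fn canonical_escrow(mint: &WrappedMint) -> String {
    format!("escrow-for-{}", mint.address)
}
fn demo_mint() -> WrappedMint {
    WrappedMint { address: "wrapped-mint".into(), authority: "wrapped-mint-authority".into() }
}

/// Vulnerable flow. Returns [Bob's unwrap via Alice's escrow, Alice's unwrap via
/// her own escrow, Alice's retry via Bob's escrow].
pub fn scenario_vulnerable() -> [Result<(), WrapError>; 3] {
    let (mint, mut l) = (demo_mint(), Ledger::default());
    l.create_escrow("escrow-alice", &mint.authority);
    l.create_escrow("escrow-bob", &mint.authority);
    l.wrap(&mint, "escrow-alice", "alice", 100).unwrap();
    l.wrap(&mint, "escrow-bob", "bob", 100).unwrap();
    [
        l.unwrap(&mint, "escrow-alice", "bob", 100),   // Ok: passes the authority check, drains Alice's escrow
        l.unwrap(&mint, "escrow-alice", "alice", 100), // Err(InsufficientEscrowFunds)
        l.unwrap(&mint, "escrow-bob", "alice", 100),   // Ok, but only because she found Bob's escrow
    ]
}

/// Fixed flow. Returns (Bob's unwrap, Alice's unwrap, balance left in the single escrow).
pub fn scenario_fixed() -> (Result<(), WrapError>, Result<(), WrapError>, u64) {
    let (mint, mut l) = (demo_mint(), Ledger::default());
    l.wrap_fixed(&mint, "alice", 100).unwrap();
    l.wrap_fixed(&mint, "bob", 100).unwrap();
    let bob = l.unwrap_fixed(&mint, "bob", 100);
    let alice = l.unwrap_fixed(&mint, "alice", 100);
    let left = l.escrows[&canonical_escrow(&mint)].1;
    (bob, alice, left)
}

fn main() {
    println!("vulnerable: {:?}", scenario_vulnerable());
    println!("fixed: {:?}", scenario_fixed());
}
```

The point the model makes is that binding the escrow to the caller is not what the fix does. With one derived escrow per wrapped mint, the escrow balance always equals the outstanding wrapped supply, so every unwrap backed by real wrapped tokens succeeds against the same account, and there is no second escrow whose funds a caller could drain or be forced to hunt for.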
Remediation
This issue has been acknowledged by Anza, and a fix was implemented in commit 6c29a885.